Maria Welleda Baldoni • Ciro Ciliberto

Giulia Maria Piacentini Cattaneo

Elementary Number Theory, Cryptography and Codes

Maria Welleda Baldoni

Ciro Ciliberto

Giulia Maria Piacentini Cattaneo

Università di Roma - Tor Vergata

Dipartimento di Matematica

Via della Ricerca Scientifica, 1

00133 Roma

Italy

baldoni@mat.uniroma2.it

cilibert@mat.uniroma2.it

piacentini@mat.uniroma2.it

ISBN 978-3-540-69199-0

e-ISBN 978-3-540-69200-3

Library of Congress Control Number: 2008938959

Mathematics Subject Classification (2000): 11G05, 14G50, 94B05

© 2009 Springer-Verlag Berlin Heidelberg

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.

The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

Cover figure from Balla, Giacomo © VG Bild-Kunst, Bonn 2008

Cover design: WMX Design GmbH, Heidelberg

Printed on acid-free paper


springer.com

Introduction

Mathematics, possibly due to its intrinsic abstraction, is considered to be a merely intellectual subject, and therefore extremely remote from everyday human activities. Surprisingly, this idea is sometimes found not only among laymen, but among working mathematicians as well. So much so that mathematicians often talk about pure mathematics as opposed to applied mathematics and sometimes attribute to the former a questionable birthright.

On the other hand, it has been remarked that those two categories do not exist but that, just as we have good and bad literature, or painting, or music, so we have good and bad mathematics: the former is applicable, even if at first sight this is not apparent, in any number of fields, while the latter is worthless, even within mathematics itself. However, one must recognise the truth in the interesting sentence with which two of our colleagues, experts in applications, begin the preface to the book [47]: "In theory there is no difference between theory and practice. In practice there is."

We believe that this difference cannot be ascribed to the intrinsic nature of mathematical theories, but to the stance of each individual mathematician who creates or uses these theories. For instance, until recently the branch of mathematics regarded as the closest to applications was undoubtedly mathematical analysis, and especially the theory of differential equations. The branches of mathematics supposed to be farthest from applications were algebra and number theory. So much so that a mathematician of the calibre of G. H. Hardy claimed in his book [25] the supremacy of number theory, which was to be considered the true queen of mathematics precisely because of its distance from the petty concerns of everyday life. This made mathematics, in his words, "gentle and clean". A strange opinion indeed, since the first developments of algebra and number theory among the Arabs and the European merchants in the Middle Ages find their motivation in exactly the very concrete problems arising in business and accountancy.

Hardy's opinion, dating back to the 1940s, was based upon a prejudice then largely shared among scientists. It is quite peculiar that Hardy did not know, or pretended not to know, that A. Turing, whom he knew very well, had used that very mathematics he considered so detached to break the Enigma code, working for the British secret services and dealing a deadly blow to German espionage (cf. [28]). In any case, the role played by algebra and number theory in military and industrial cryptography has been well known from time immemorial. Perhaps Hardy incorrectly believed that the mathematical tools then used in cryptography, though sometimes quite complex, were nevertheless essentially elementary, no more than combinatorial tricks requiring a measure of extemporaneous talent to be devised or cracked, but leading to no solid, important and enduring theories.

The advances in computer science in the last sixty years have made cryptography a fundamental part of all aspects of contemporary life. More precisely, cryptography studies the transmission of data coded in such a way that only authorised receivers may decode them and be sure of their provenance, integrity and authenticity. The development of new, non-classical cryptographic techniques, like public-key cryptography, has promoted and enhanced the applications of this branch of so-called discrete mathematics, which studies, for instance, the enumeration of symbols and objects, the construction of complex structures from simpler ones, and so on. Algebra and number theory are essential tools for this branch of mathematics, which is naturally suited to the workings of computers, whose language is intrinsically discrete rather than continuous, and is essential in the construction of all security systems for data transmission. So, even if we are not completely aware of it, each time we use credit cards, on-line bank accounts or e-mail, we are actually making full use of algebra and numbers. But there is more: the same techniques have been applied since the 1940s to the transmission of data on channels where interference is present. This is the subject of the theory of error-correcting codes which, though unwittingly, we use daily in countless ways: for instance when we listen to music recorded on a CD or when surfing the Web.

This textbook originated from the teaching experience of the authors at the University of Rome "Tor Vergata" where, in past years, they taught this subject to Mathematics, Computer Science, Electronic Engineering and Information Technology students, as well as for the "Scuola di Insegnamento a Distanza", and at several different levels. They gave courses with a strong algebraic or geometric content, while keeping in mind the algorithmic and constructive aspects of the theories and the applications we have been mentioning.

The point of view of this textbook is to be friendly and elementary. Let us try to explain what we mean by these terms.

By friendly we mean our attempt always to motivate the theoretical results we show to the reader, by means of examples we consider to be simple, meaningful, sometimes entertaining, and useful for the applications. Indeed, starting from the examples, we have expounded general methods for solving problems that only apparently differ in form, setting and language. With this in mind, we have aimed at a simple and colloquial style, while never losing sight of the formal rigour required in a mathematical treatise.

By elementary we mean that we assume our readers to have quite a limited background in basic mathematics. As a rule of thumb, a student who has followed a good first semester in Mathematics, Physics, Computer Science or Engineering may confidently venture through this book. Moreover, we have tried to make the treatment as self-contained as possible regarding the elements of algebra and number theory needed for the applications to cryptography and coding theory. Elementary, however, does not mean easy: we introduce quite advanced concepts, but do so gradually, always trying to accompany the reader, without assuming previous advanced knowledge.

The starting point of this book is the well-known set of integer numbers and their arithmetic, that is, the study of the operations of addition and multiplication. Chapter 1 aims to make the reader familiar with the integers. Here mathematical induction and recursion are covered, with applications to several concrete problems, such as the analysis of the dynamics of populations with assigned reproduction rules, the computation of the number of moves in several games, and so on. The next topics are division, the greatest common divisor and how to compute it using the well-known Euclidean algorithm, the resolution of Diophantine equations, and numeral systems in different bases. These basic notions are first presented in an elementary way and then a more general theoretical approach is given, by introducing the concept of a Euclidean ring. The last part of the chapter is devoted to continued fractions.

One of the goals of Chapter 1 is to show how, in order to solve concrete problems using mathematical methods, the first step is to build a mathematical model that allows a translation into one or more mathematical problems. The next step is the determination of suitable algorithms, that is, procedures consisting of a finite sequence of elementary operations yielding the solution to the mathematical problems describing the initial question. In Chapter 2 we discuss the fundamental concept of the computational complexity of an algorithm, which basically counts the elementary operations an algorithm consists of, thus evaluating the time needed to execute it. The importance of this concept is manifest: among algorithms we have to distinguish the feasible ones, that is, those executable in a sufficiently short time, from the infeasible ones, whose execution time is too long independently of the computing device used. The algorithms of the first kind are the polynomial ones, while among those of the second kind there are, for instance, the exponential ones. We then proceed to calculate the complexity of some fundamental algorithms used to perform elementary operations with integers.

In Chapter 3 we introduce the concept of congruence, which allows the passage from the infinite set of integers to the finite set of residue classes. This passage from infinite to finite is what makes it possible to implement the elementary operations on integers in computer programming: a computer, in fact, can work only on a finite number of data.


Chapter 4 is devoted to the fundamental problem of factoring integers. So we discuss prime numbers, which are the building blocks of the integers, in the sense that each integer may be represented as a product of primes: this is the so-called factorisation of an integer. Factoring an integer is an apparently harmless problem from a theoretical viewpoint: the factorisation exists, it is essentially unique, and it can be found by the famous sieve of Eratosthenes. We show, however, the infeasibility of this exponential algorithm. For instance, in 1979 it was proved that the number 2^44497 − 1, having 13395 decimal digits, is prime: by using the sieve of Eratosthenes, it would take a computer executing one million multiplications per second about 10^6684 years to get this result! Modern public-key cryptography, covered in Chapter 7, relies essentially on the difficulty of factoring integers. In Chapter 4 elements of the general theory of factorial rings can also be found, in particular as regards its application to polynomials.
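To make the estimate in the paragraph above concrete, here is an added example (not code from the book): the sieve of Eratosthenes, the deterministic trial-division primality test built on it, and the arithmetic behind the two figures quoted for 2^44497 − 1. The sieve is exact on small inputs; the estimate assumes, as the text does, one million operations per second, and additionally assumes one operation per candidate divisor up to the square root of N and a 365.25-day year, which are this example's own assumptions rather than the book's.

```python
import math
from typing import List


def sieve_of_eratosthenes(limit: int) -> List[int]:
    """Return every prime <= limit.

    The work grows linearly in `limit`, i.e. exponentially in the number of
    bits of `limit`: this is why the method cannot scale to cryptographic sizes.
    """
    if limit < 2:
        return []
    flags = bytearray([1]) * (limit + 1)
    flags[0] = flags[1] = 0
    for p in range(2, math.isqrt(limit) + 1):
        if flags[p]:
            # Cross out every multiple of p from p*p upwards; smaller multiples
            # were already removed by a smaller prime factor.
            flags[p * p::p] = bytearray(len(range(p * p, limit + 1, p)))
    return [n for n, is_prime in enumerate(flags) if is_prime]


def is_prime_by_trial_division(n: int) -> bool:
    """Deterministic primality test: divide n by every prime <= sqrt(n)."""
    if n < 2:
        return False
    for p in sieve_of_eratosthenes(math.isqrt(n)):
        if n % p == 0:
            return False
    return True


def decimal_digits_of_mersenne(p: int) -> int:
    """Number of decimal digits of 2**p - 1, for p >= 1.

    2**p is never a power of ten, so 2**p - 1 has as many digits as 2**p,
    namely floor(p * log10(2)) + 1.
    """
    return math.floor(p * math.log10(2)) + 1


def log10_years_trial_division(p: int, ops_per_second: float = 1e6) -> float:
    """log10 of the years needed to certify 2**p - 1 prime by trial division.

    Worst case is about sqrt(2**p) = 2**(p/2) candidate divisors. Assumption of
    this example (not the book's): one operation per candidate, 365.25-day year.
    """
    log10_candidates = (p / 2) * math.log10(2)
    log10_ops_per_year = math.log10(ops_per_second * 365.25 * 24 * 3600)
    return log10_candidates - log10_ops_per_year


if __name__ == "__main__":
    # Small inputs, where the sieve is perfectly feasible.
    print(sieve_of_eratosthenes(50))
    print(is_prime_by_trial_division(2**31 - 1), is_prime_by_trial_division(2**11 - 1))
    # The book's 1979 example: 2**44497 - 1.
    print(decimal_digits_of_mersenne(44497), "digits")
    print("about 10^%d years" % round(log10_years_trial_division(44497)))
```

The last two calls reproduce the book's figures (13395 digits, about 10^6684 years); the first two show the same method certifying 2^31 − 1 prime and 2^11 − 1 = 23 × 89 composite in a fraction of a second, so the contrast is entirely one of input size.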

In Chapter 5 finite fields are introduced; they are a generalisation of the rings of residue classes of integers modulo a prime number. Finite fields are fundamental for the applications to cryptography and codes. Here we present their main properties, illustrated with several examples. We give an application of finite fields to the resolution of polynomial Diophantine equations. In particular, we prove the law of quadratic reciprocity, the key to solving second degree congruences.

In Chapter 6 most of the theory presented so far is applied to the search for primality tests, that is, algorithms to determine whether a number is prime or not, and for factorisation methods more sophisticated than the sieve of Eratosthenes; even if they are in general exponential algorithms, just like Eratosthenes', in special situations they may become much more efficient. In particular, we present some primality tests of probabilistic type: in a very short time they either prove that a number is composite or establish that it is prime with high probability. Moreover, we give the proof of a recent polynomial-time primality test due to M. Agrawal, N. Kayal and N. Saxena, whose publication has aroused wide interest among experts.

Chapter 7 describes the applications to cryptography. First, we describe several classical cryptographic methods, and discuss the general layout of a cryptographic system and the problem of cryptanalysis, which studies the techniques for breaking such a system. We next introduce the revolutionary concept of public-key cryptography, on which the transmission of the bulk of confidential information distinctive of modern society relies. We discuss several public-key ciphers, chief among them the well-known RSA system, whose security relies on the computational difficulty of factoring large numbers, and some of its variants, which make possible, for instance, the electronic authentication of signatures. Recently new frontiers for cryptography, especially regarding security, have been opened by the interaction of classical algebra and arithmetic with ideas and concepts originating from algebraic geometry, and especially the study of a class of plane curves known as elliptic curves. At the end of the chapter an introduction to these important developments is given.

Chapter 8 presents an introduction to coding theory, already mentioned above. This is a recent branch of mathematics in which sophisticated combinatorial, algebraic and geometric techniques converge in order to study the mathematical aspects of the problem of transmitting data through noisy channels. In other words, coding theory studies techniques for sending data through a channel when we take for granted that some errors will happen during transmission. These techniques enable us to correct the errors that might arise, as well as to quickly encode and decode the data we intend to send.

In Chapter 9 we give a quick glance at the new frontiers offered by quantum cryptography, which relies on ideas originating in quantum mechanics. This branch of physics makes the creation of a quantum computer at least conceivable; if such a computer were actually built, it could execute in polynomial time computations for which a conventional computer would need exponential time. This would make the public-key cryptographic systems currently in use vulnerable, seriously endangering civil, military and financial security systems, and might result in the collapse of a civilisation largely based on such systems. On the other hand, by its very nature, quantum mechanics also allows the design of quantum cryptographic systems that are unassailable even by a quantum computer; furthermore, such systems have the astonishing property of being able to detect whether eavesdroppers have attempted, even unsuccessfully, to listen in on a restricted communication.

Each chapter is followed by an appendix containing:

• a list of exercises on the theory presented there, with several levels of difficulty; in some of them proofs of supplementary theorems or alternative proofs of theorems already proved in the text are given;

• a list of exercises from a computational viewpoint;

• suggestions for programming exercises.

The most difficult exercises are marked by an asterisk. At the end of the book many of the exercises are solved, especially the hardest theoretical ones.

Some sections of the text may be omitted in a first reading. They are set in a smaller type, and so are the appendices.

We wrote this book having in mind students of Mathematics, Physics, Computer Science and Engineering, as well as researchers who are looking for an introduction, without entering into too many details, to the themes we have quickly described above.

In particular, the book can be useful as a complementary text for first and second year students in Mathematics, Physics or Computer Science taking a course in Algebra or Discrete Mathematics. In Chapters 1, 3, and 4 they will find a concrete approach, with many examples and exercises, to some basic algebraic theories. Chapters 5 and 6, though more advanced, are in our opinion within the reach of such readers.

The text is particularly suitable for a second or third year course giving an introduction to cryptography or to codes. Students of such a course will probably already have been exposed to the contents of Chapters 1, 3, and 4; so teachers can limit themselves to quick references to them, suggesting that the students solve only some of the exercises. They can then devote more time to the material from Chapter 5 on, and particularly to Chapter 7, giving more or less space to Chapters 8 and 9.

The bibliography lists texts suggested for further studies in cryptography and codes, useful for more advanced courses.

A first version of this book, titled "Note di matematica discreta" (Notes on Discrete Mathematics), was published in 2002 by Aracne; we are very grateful to the publishers for their permission to publish this book. This edition is widely expanded and modified: the material is presented differently, several new sections and in-depth analyses have been added, and a wider selection of solved exercises is offered.

Lastly, we thank Dr Alberto Calabri for supervising the layout of the book and the editing of the text, especially as regards the exercise sections.

Rome, August 2008

M. Welleda Baldoni

Ciro Ciliberto

Giulia Maria Piacentini Cattaneo

Contents

1 A round-up on numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.1 Mathematical induction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.2 The concept of recursion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

1.2.1 Fibonacci numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1.2.2 Further examples of population dynamics . . . . . . . . . . . . . . 11

1.2.3 The tower of Hanoi: a non-homogeneous linear case . . . . . 13

1.3 The Euclidean algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

1.3.1 Division . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

1.3.2 The greatest common divisor . . . . . . . . . . . . . . . . . . . . . . . . . 16

1.3.3 Bézout's identity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

1.3.4 Linear Diophantine equations . . . . . . . . . . . . . . . . . . . . . . . . 20

1.3.5 Euclidean rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

1.3.6 Polynomials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

1.4 Counting in different bases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

1.4.1 Positional notation of numbers . . . . . . . . . . . . . . . . . . . . . . . 30

1.4.2 Base 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

1.4.3 The four operations in base 2 . . . . . . . . . . . . . . . . . . . . . . . . . 33

1.4.4 Integer numbers in an arbitrary base . . . . . . . . . . . . . . . . . . 39

1.4.5 Representation of real numbers in an arbitrary base . . . . . 40

1.5 Continued fractions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

1.5.1 Finite simple continued fractions and rational numbers . . . 44

1.5.2 Infinite simple continued fractions and irrational numbers . . . 48

1.5.3 Periodic continued fractions . . . . . . . . . . . . . . . . . . . . . . . . . . 56

1.5.4 A geometrical model for continued fractions . . . . . . . . . . . . 57

1.5.5 The approximation of irrational numbers by convergents . . . 58

1.5.6 Continued fractions and Diophantine equations . . . . . . . . . 61

Appendix to Chapter 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

A1 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

B1 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

C1 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84


2 Computational complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

2.1 The idea of computational complexity . . . . . . . . . . . . . . . . . . . . . . 87

2.2 The symbol O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

2.3 Polynomial time, exponential time . . . . . . . . . . . . . . . . . . . . . . . . . 92

2.4 Complexity of elementary operations . . . . . . . . . . . . . . . . . . . . . . . 95

2.5 Algorithms and complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

2.5.1 Complexity of the Euclidean algorithm . . . . . . . . . . . . . . . 98

2.5.2 From binary to decimal representation: complexity . . . . . 101

2.5.3 Complexity of operations on polynomials . . . . . . . . . . . . . 101

2.5.4 A more efficient multiplication algorithm . . . . . . . . . . . . . . 103

2.5.5 The Ruffini–Horner method . . . . . . . . . . . . . . . . . . . . . . . . . 105

Appendix to Chapter 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

A2 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

B2 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

C2 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

3 From infinite to finite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

3.1 Congruence: fundamental properties . . . . . . . . . . . . . . . . . . . . . . . . 115

3.2 Elementary applications of congruence . . . . . . . . . . . . . . . . . . . . . . 120

3.2.1 Casting out nines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

3.2.2 Tests of divisibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

3.3 Linear congruences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

3.3.1 Powers modulo n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

3.4 The Chinese remainder theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

3.5 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

3.5.1 Perpetual calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

3.5.2 Round-robin tournaments . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Appendix to Chapter 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

A3 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

B3 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

C3 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

4 Finite is not enough: factoring integers . . . . . . . . . . . . . . . . . . . . . 149

4.1 Prime numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

4.1.1 The Fundamental Theorem of Arithmetic . . . . . . . . . . . . . 150

4.1.2 The distribution of prime numbers . . . . . . . . . . . . . . . . . . . 152

4.1.3 The sieve of Eratosthenes . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

4.2 Prime numbers and congruences . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

4.2.1 How to compute Euler function . . . . . . . . . . . . . . . . . . . . . . 160

4.2.2 Fermat’s little theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162

4.2.3 Wilson’s theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

4.3 Representation of rational numbers in an arbitrary base . . . . . . 166

4.4 Fermat primes, Mersenne primes and perfect numbers . . . . . . . . 168

4.4.1 Factorisation of integers of the form b^n ± 1 . . . . . . . . . . . . 168

4.4.2 Fermat primes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170


4.4.3 Mersenne primes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

4.4.4 Perfect numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

4.5 Factorisation in an integral domain . . . . . . . . . . . . . . . . . . . . . . . . . 173

4.5.1 Prime and irreducible elements in a ring . . . . . . . . . . . . . . 174

4.5.2 Factorial domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

4.5.3 Noetherian rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

4.5.4 Factorisation of polynomials over a field . . . . . . . . . . . . . . 179

4.5.5 Factorisation of polynomials over a factorial ring . . . . . . . 182

4.5.6 Polynomials with rational or integer coefficients . . . . . . . . 188

4.6 Lagrange interpolation and its applications . . . . . . . . . . . . . . . . . . 191

4.7 Kronecker’s factorisation method . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Appendix to Chapter 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

A4 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

B4 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

C4 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

5 Finite fields and polynomial congruences . . . . . . . . . . . . . . . . . . . 213

5.1 Some field theory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

5.1.1 Field extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

5.1.2 Algebraic extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

5.1.3 Splitting field of a polynomial . . . . . . . . . . . . . . . . . . . . . . . 217

5.1.4 Roots of unity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

5.1.5 Algebraic closure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

5.1.6 Finite fields and their subfields . . . . . . . . . . . . . . . . . . . . . . 220

5.1.7 Automorphisms of finite fields . . . . . . . . . . . . . . . . . . . . . . . 222

5.1.8 Irreducible polynomials over Z_p . . . . . . . . . . . . . . . . . . . . . 222

5.1.9 The field F_4 of order four . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

5.1.10 The field F_8 of order eight . . . . . . . . . . . . . . . . . . . . . . . . . 225

5.1.11 The field F_16 of order sixteen . . . . . . . . . . . . . . . . . . . . . . . 226

5.1.12 The field F_9 of order nine . . . . . . . . . . . . . . . . . . . . . . . . . . 226

5.1.13 About the generators of a finite field . . . . . . . . . . . . . . . . . 227

5.1.14 Complexity of operations in a finite field . . . . . . . . . . . . . . 228

5.2 Non-linear polynomial congruences . . . . . . . . . . . . . . . . . . . . . . . . . 229

5.2.1 Degree two congruences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

5.2.2 Quadratic residues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

5.2.3 Legendre symbol and its properties . . . . . . . . . . . . . . . . . . . 238

5.2.4 The law of quadratic reciprocity . . . . . . . . . . . . . . . . . . . . . 243

5.2.5 The Jacobi symbol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

5.2.6 An algorithm to compute square roots . . . . . . . . . . . . . . . . 248

Appendix to Chapter 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

A5 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

B5 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

C5 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260


6 Primality and factorisation tests . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

6.1 Pseudoprime numbers and probabilistic tests . . . . . . . . . . . . . . . . 261

6.1.1 Pseudoprime numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

6.1.2 Probabilistic tests and deterministic tests . . . . . . . . . . . . . 263

6.1.3 A first probabilistic primality test . . . . . . . . . . . . . . . . . . . . 263

6.1.4 Carmichael numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

6.1.5 Euler pseudoprimes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

6.1.6 The Solovay–Strassen probabilistic primality test . . . . . . 268

6.1.7 Strong pseudoprimes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268

6.1.8 The Miller–Rabin probabilistic primality test . . . . . . . . . . 272

6.2 Primitive roots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

6.2.1 Primitive roots and index . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

6.2.2 More about the Miller–Rabin test . . . . . . . . . . . . . . . . . . . . 279

6.3 A polynomial deterministic primality test . . . . . . . . . . . . . . . . . . . 281

6.4 Factorisation methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

6.4.1 Fermat factorisation method . . . . . . . . . . . . . . . . . . . . . . . . 291

6.4.2 Generalisation of Fermat factorisation method . . . . . . . . . 292

6.4.3 The method of factor bases . . . . . . . . . . . . . . . . . . . . . . . . . 294

6.4.4 Factorisation and continued fractions . . . . . . . . . . . . . . . . . 299

6.4.5 The quadratic sieve algorithm . . . . . . . . . . . . . . . . . . . . . . . 300

6.4.6 The ρ method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

6.4.7 Variation of ρ method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

Appendix to Chapter 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

A6 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

B6 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

C6 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317

7 Secrets... and lies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

7.1 The classic ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

7.1.1 The earliest secret messages in history . . . . . . . . . . . . . . . . 319

7.2 The analysis of the ciphertext . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

7.2.1 Enciphering machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

7.3 Mathematical setting of a cryptosystem . . . . . . . . . . . . . . . . . . . . . 330

7.4 Some classic ciphers based on modular arithmetic . . . . . . . . . . . . 334

7.4.1 Affine ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

7.4.2 Matrix or Hill ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340

7.5 The basic idea of public key cryptography . . . . . . . . . . . . . . . . . . . 341

7.5.1 An algorithm to compute discrete logarithms . . . . . . . . . . 344

7.6 The knapsack problem and its applications to cryptography . . . 345

7.6.1 Public key cipher based on the knapsack problem, or Merkle–Hellman cipher . . . . . . . . . . . . . . . . . . . . . . . . . . . 348

7.7 The RSA system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349

7.7.1 Accessing the RSA system . . . . . . . . . . . . . . . . . . . . . . . . . . 351

7.7.2 Sending a message enciphered with the RSA system . . . . 352

7.7.3 Deciphering a message enciphered with the RSA system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354


7.7.4 Why did it work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

7.7.5 Authentication of signatures with the RSA system . . . . . 360

7.7.6 A remark about the security of RSA system . . . . . . . . . . . 362

7.8 Variants of RSA system and beyond . . . . . . . . . . . . . . . . . . . . . . . . 363

7.8.1 Exchanging private keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363

7.8.2 ElGamal cryptosystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364

7.8.3 Zero-knowledge proof: persuading that a result is known without revealing its content nor its proof . . . . . . 365

7.8.4 Historical note . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366

7.9 Cryptography and elliptic curves . . . . . . . . . . . . . . . . . . . . . . . . . . . 366

7.9.1 Cryptography in a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

7.9.2 Algebraic curves in a numerical aﬃne plane . . . . . . . . . . . 368

7.9.3 Lines and rational curves . . . . . . . . . . . . . . . . . . . . . . . . . . . 369

7.9.4 Hyperelliptic curves . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370

7.9.5 Elliptic curves . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372

7.9.6 Group law on elliptic curves . . . . . . . . . . . . . . . . . . . . . . . . . 374

7.9.7 Elliptic curves over R, C and Q . . . . . . . . . . . . . . . . . . . . . . 380

7.9.8 Elliptic curves over ﬁnite ﬁelds . . . . . . . . . . . . . . . . . . . . . . 381

7.9.9 Elliptic curves and cryptography . . . . . . . . . . . . . . . . . . . . . 384

7.9.10 Pollard’s p − 1 factorisation method . . . . . . . . . . . . . . . . . . 385

Appendix to Chapter 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386

A7 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386

B7 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390

C7 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401

8 Transmitting without... fear of errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405

8.1 Birthday greetings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406

8.2 Taking photos in space or tossing coins, we end up at codes . . . 407

8.3 Error-correcting codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410

8.4 Bounds on the invariants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413

8.5 Linear codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419

8.6 Cyclic codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425

8.7 Goppa codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429

Appendix to Chapter 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436

A8 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436

B8 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439

C8 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443

9 The future is already here: quantum cryptography . . . . . . . . . . . . . . . . . . . . . 445

9.1 A ﬁrst foray into the quantum world: Young’s experiment . . . . . 446

9.2 Quantum computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449

9.3 Vernam’s cipher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

9.4 A short glossary of quantum mechanics . . . . . . . . . . . . . . . . . . . . . 454

9.5 Quantum cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460

Appendix to Chapter 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

A9 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

B9 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468

C9 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

Solution to selected exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471

Exercises of Chapter 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471

Exercises of Chapter 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482

Exercises of Chapter 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483

Exercises of Chapter 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487

Exercises of Chapter 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492

Exercises of Chapter 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496

Exercises of Chapter 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498

Exercises of Chapter 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501

Exercises of Chapter 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504

References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511

1 A round-up on numbers

This chapter rounds up some basic notions about numbers; we shall need them

later on, and it is useful to ﬁx the ideas on some concepts and techniques which

will be investigated in this book. Some of what follows will be studied again

in more detail, but we shall assume a basic knowledge about:

• some elements of set theory and logic (see for instance [43]);

• the construction of the fundamental number sets:

N = the set of natural numbers,

Z = the set of integer numbers,

Q = the set of rational numbers,

R = the set of real numbers,

C = the set of complex numbers,

and of the operations on them (see [15] or [22]);

• the idea of limit and of numerical series (as given in any calculus text, for

instance [12]);

• some elements of algebra (see [4], [15], [32] or [45]): in particular, the reader

will need the deﬁnitions of the main algebraic structures, like semigroups,

groups, rings, integral domains, ﬁelds;

• basic notions of linear algebra (see [13]): vector spaces, matrices, eigenvalues, and eigenvectors;

• elementary concepts of probability theory (see [5] or [29]).

1.1 Mathematical induction

In this section we shall ﬁx our attention on the set N = {0, 1, 2, 3, . . .} of

natural numbers on which, as is well known, the operations +, the addition,

and ·, the multiplication, as well as a natural order relation ≤ are given. Recall


that both (N, +) and (N, ·) are semigroups, that is to say, the operations are

associative, and admit an identity element.

On the set N the map

succ : n ∈ N → n + 1 ∈ N

is deﬁned, associating with each natural number its successor. This mapping

is injective but not surjective, as 0 is not the successor of any natural number.

The existence of such an injective but not surjective mapping of N in itself

implies that it is an inﬁnite set.

Furthermore, the following fundamental property holds in N:

Mathematical induction. Let A be a subset of N satisfying the following

two properties:

(1) n0 ∈ A;

(2) for each n ≥ n0, if n ∈ A then succ(n) = n + 1 ∈ A.

Then A includes all natural numbers greater than or equal to n0. In particular, if n0 = 0, then A coincides with N.

It is well known that the existence of the mapping succ and mathematical

induction uniquely determine the set of natural numbers. Mathematical induction is important not only for the formal construction of the set N, but is

also a fundamental proof tool to which we want to draw the reader’s attention.

Let us look at a simple example. Suppose we want to solve the following problem: compute the sum of the ﬁrst n natural numbers, that is to say

compute the number

1 + 2 + · · · + (n − 1) + n.

Some of the readers might already know that this problem, in the case

n = 100, appears in an episode of Carl Friedrich Gauss’s life. When he was

six years old, his teacher gave it to his unruly pupils, in the hope that it

would take them some time to solve it, to keep them quiet in the meantime.

Unfortunately (for the teacher), Gauss noticed that

n + 1 = (n − 1) + 2 = (n − 2) + 3 = · · · ,

that is, the sum of the last term and of the ﬁrst one equals the sum of the

last but one plus the second one, and so forth; so he guessed in a few seconds

the general formula

$$1 + 2 + \cdots + (n-1) + n = \frac{n(n+1)}{2} \tag{1.1}$$

and immediately obtained

$$1 + 2 + \cdots + 99 + 100 = 5050.$$


But how may we prove that, as young Gauss guessed, formula (1.1) always

holds? Of course, it is not possible to check it for each n by actually summing

up the terms, because we should verify an inﬁnite number of cases. What

mathematical induction allows us to do is precisely solving problems of this

kind, even in more general cases.

Consider a set X and a sequence {Pn } of propositions deﬁned in X, that

is, for each number n ∈ N, Pn is a proposition about the elements of X. For

instance, in the case X = N, we may take

Pn = formula (1.1) holds,

that is, Pn is the claim that for the number n ∈ N the sum 1+2+· · ·+(n−1)+n

equals n(n + 1)/2. Suppose we want to prove that the proposition Pn is true

for each n. Thus, we have to prove inﬁnitely many propositions. Consider the

set

A := {n ∈ N | Pn is true}.

We have to prove that A coincides with N. Applying mathematical induction

it suﬃces to proceed as follows:

(1) basis of the induction: prove that P0 is true;

(2) inductive step: prove that, for each k ≥ 0, from the truth of Pk (induction

hypothesis), it follows that Pk+1 is true.

Then we may conclude that Pn is true for each n ∈ N.

With a proof by induction we may obtain inﬁnitely many results in just

two steps. In this sense, it is a method of reduction from inﬁnite to ﬁnite, and

so it has a crucial importance, inﬁnity being by its very nature intractable.

Further on we shall show several methods, techniques and ideas in the same

spirit of reducing from inﬁnite to ﬁnite.

An apparently more restrictive, but actually equivalent (see Exercises

A1.1–A1.3) formulation of the same principle is as follows:

Complete induction (or Strong induction) (CI). Let A be a subset of N

satisfying the following properties:

(1) n0 ∈ A;

(2) if k ∈ A for each k such that n0 ≤ k < n, then n ∈ A as well.

Then A includes all natural numbers greater than or equal to n0. In particular, if n0 = 0, then A coincides with N.

This yields, as above, the following formulation:

(1) basis of the induction: prove that P0 is true;

(2) inductive step: prove that, for each k ≥ 0, from the truth of Ph for each

h ≤ k, it follows that Pk+1 is true.


Then we may conclude that Pn is true for each n ∈ N.

Let the reader be warned that, as implicitly stated above, mathematical induction, in itself, does not yield formulas, but allows us to prove them if we already know them. In other words, if we are already in possession of the sequence of propositions Pn we may hope to prove their truth by mathematical induction, but this method in itself will not give us the sequence Pn. In

practice, if we have a problem like the one given to Gauss as a young boy, in

order to guess the right sequence of propositions Pn it is necessary to study

what happens for the ﬁrst values of n and, following Gauss’s example, venture

a conjecture about the general situation.

As an example, we prove by induction formula (1.1).

The basis of the induction lies just in observing that the formula is obviously true for n = 1. Suppose now that the formula is true for a particular value of n, and let us prove its truth for its successor n + 1. We have:

$$\begin{aligned}
1 + 2 + \cdots + (n-1) + n + (n+1) &= [1 + 2 + \cdots + (n-1) + n] + (n+1) \\
&= \frac{n(n+1)}{2} + (n+1) \qquad \text{(by induction hypothesis)} \\
&= \frac{(n+1)(n+2)}{2}.
\end{aligned}$$

This proves the inductive step for each n, and so proves formula (1.1).

Other examples in which mathematical induction is used to prove formulas

similar to (1.1) are given in the appendix at the end of this chapter (see

Exercises B1.5–B1.11).

Remark 1.1.1. Before carrying on, it might be useful to warn readers of the snares

deriving by erroneous applications of mathematical induction. In a proof by induction, both steps, the basis of the induction and the inductive step, are indispensable

to a correct application of the procedure, and both are to be correctly carried out.

Otherwise, we are in danger of making gross mistakes. For instance, an erroneous

application of mathematical induction might yield a proof of the following ludicrous

claim: All cats are the same colour.

Let us proceed by induction, by proving that for each n ∈ N, any set of n cats

is made up of cats of the same colour:

• basis of the induction: It is obvious; indeed any set including a single cat is made up of cats of the same colour, that is, the colour of the unique cat in the set.

• inductive step: Suppose that every time we have n − 1 cats they are the same colour and let us prove that the same claim holds for n cats. Examine the following picture, where the dots represent cats; the same row of n cats is drawn twice, the upper brace marking the first n − 1 of them and the lower brace the last n − 1:

$$\overbrace{\bullet\ \bullet\ \bullet\ \cdots\ \bullet\ \bullet}^{n-1}\ \bullet \qquad\qquad \bullet\ \underbrace{\bullet\ \bullet\ \cdots\ \bullet\ \bullet}_{n-1} \tag{1.2}$$

By induction hypothesis, the first n − 1 cats are all the same colour. By the same reason, the last n − 1 cats are the same colour as well, this colour being a priori different from the colour of the first cats. But the common cats, that is the cats appearing both among the first n − 1 and the last n − 1, must be the same colour. So all the cats are the same colour.


Since, fortunately, there are cats of diﬀerent colours, we are conﬁdent that we

have made a mistake. Where is it? In the inductive step we used the fact that there

are cats in common to the two sets we were considering, the ﬁrst n − 1 cats and the

last n − 1 cats. But this is true only if n ≥ 3. So the inductive step does not hold

for each n because the implication from the case n = 1 to n = 2 does not hold.

Notice that if we want to prove a proposition Pn not for all values of n, but for all n ≥ n0, it is enough to prove as the basis of the induction the proposition Pn0 and then to verify the inductive step for each n ≥ n0. Looking again at the example about cats, the inductive step from n − 1 to n holds for n ≥ 3, but the basis of the induction does not hold for n = 2, that is, it is not true that each pair of cats consists of cats of the same colour!

1.2 The concept of recursion

Recursion is a fundamental concept, strictly connected to mathematical induction. Suppose we have a function deﬁned on the set N of natural numbers

taking values in a set X. Such a function is commonly said to be a sequence

in X and denoted by {an }n∈N , or simply {an }, where an is the value taken

by the function on the integer n. The values an are said to be the terms of

the sequence.

Suppose now we have a method allowing us to determine the term an for each integer n greater than or equal to a fixed integer n0 when we know the term

an−1 . Suppose moreover we know the initial terms of the sequence, that is

a0 , a1 , a2 , . . ., an0 −1 , an0 . We claim that, with these premises, we are able

to compute the value of the sequence for each natural number n. This is a

consequence of mathematical induction and its easy proof is left to the reader

(see Exercise A1.10).

A particular but very interesting example of this procedure is the case of

numeric sequences satisfying linear recurrence relations. Let us give a general

deﬁnition:

Definition 1.2.1. Let {an}n∈N be a sequence of elements in a vector space V over a field K. A linear recurrence relation, or formula, for the sequence is a formula of the kind

$$a_{n+k} = f_{k-1}(a_{n+k-1}) + f_{k-2}(a_{n+k-2}) + \cdots + f_0(a_n) + d_n, \tag{1.3}$$

holding for each integer n ≥ 0; here k is a positive integer, a0, a1, . . ., ak−1 are the initial values or conditions, f0, f1, . . ., fk−1 are linear maps of V into itself, called the coefficients of the recurrence relation, and {dn} is a (possibly constant) sequence of elements of V called the constant term. If dn = 0 for every n, the relation is said to be homogeneous.

So, formula (1.3) gives an expression for the (n+k)-th term of the sequence

{an } as a function of the k preceding terms. We shall mostly consider the case

where {dn } is a constant sequence with each term equal to d. The word linear


refers to the fact that we are working in a vector space V. In particular, it is possible to consider sequences {an}n∈N of elements of K satisfying a recurrence relation. In this case f0, f1, . . ., fk−1 are multiplication by elements b0, b1, . . ., bk−1 of K, and relation (1.3) takes the form

$$a_{n+k} = b_{k-1} a_{n+k-1} + b_{k-2} a_{n+k-2} + \cdots + b_0 a_n + d_n. \tag{1.4}$$

A sequence {an }n∈N is said to be a solution of a linear recurrence relation

of the form (1.3) if the terms an of the sequence satisfy the relation. It is

obvious that the sequence is uniquely determined by relation (1.3) and by the

initial terms a0 , a1 , . . ., ak−1 .

On the other hand, if we know that a sequence {an }n∈N of elements of the

ﬁeld K veriﬁes a linear recurrence relation of the form (1.4), but we do not

know the coeﬃcients b0 , b1 , . . ., bk−1 and the constant term d, we may expect

to be able to determine these coeﬃcients, and then the whole sequence, if we

know suﬃciently many terms of the sequence (see, as a particular instance,

Exercise A1.27).

Recurrence relations appear in a natural way when studying several different kinds of problems, like computing increments or decrements of populations with given reproduction rules, colouring pictures with just two colours, computing the number of moves in different games, computing compound interest, solving geometrical problems and so forth. Some of these problems will be shown as examples or suggested as exercises in the appendix.
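As an added example (it is not part of the book's text, and the function names are my own), the following Python code makes relation (1.4) concrete in both directions. `generate` builds the first n terms from the coefficients b0, . . ., bk−1, the initial values a0, . . ., ak−1 and the constant term d, which is the uniqueness statement above turned into a procedure. `recover` does the converse asked about in the preceding paragraph: given 2k + 1 consecutive terms of an order-k relation with unknown coefficients and unknown constant term, it writes down the k + 1 linear equations a_{m+k} = b_{k−1} a_{m+k−1} + · · · + b_0 a_m + d for m = 0, . . ., k and solves them exactly over Q with Python's `Fraction` type by Gauss–Jordan elimination. When that system is singular the terms do not determine the relation (a constant sequence, for instance, satisfies many of them), and the function returns `None` rather than a guess.

```python
from fractions import Fraction


def generate(coeffs, initial, d, n):
    """First n terms of a_{m+k} = b_{k-1} a_{m+k-1} + ... + b_0 a_m + d, formula (1.4),
    with coeffs = [b_0, ..., b_{k-1}], initial = [a_0, ..., a_{k-1}] and constant term d."""
    k = len(coeffs)
    if len(initial) != k:
        raise ValueError("an order-k relation needs exactly k initial values")
    a = list(initial)
    while len(a) < n:
        # zip pairs b_0 with the oldest of the last k terms and b_{k-1} with the newest
        a.append(sum(b * x for b, x in zip(coeffs, a[-k:])) + d)
    return a[:n]


def solve_linear(M, v):
    """Solve M x = v exactly over Q by Gauss-Jordan elimination; None if M is singular."""
    n = len(M)
    A = [[Fraction(x) for x in row] + [Fraction(y)] for row, y in zip(M, v)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if A[r][col] != 0), None)
        if pivot is None:
            return None  # no pivot in this column: the system has no unique solution
        A[col], A[pivot] = A[pivot], A[col]
        p = A[col][col]
        A[col] = [x / p for x in A[col]]
        for r in range(n):
            if r != col and A[r][col] != 0:
                f = A[r][col]
                A[r] = [x - f * y for x, y in zip(A[r], A[col])]
    return [row[n] for row in A]


def recover(terms, k):
    """Converse problem: from 2k+1 consecutive terms of an order-k relation (1.4) with
    unknown b_0, ..., b_{k-1} and unknown constant d, recover ([b_0, ..., b_{k-1}], d).
    Each m = 0..k gives one equation a_{m+k} = b_{k-1} a_{m+k-1} + ... + b_0 a_m + d
    in the k+1 unknowns. Returns None if the terms do not determine the relation."""
    if len(terms) < 2 * k + 1:
        raise ValueError("need at least 2k+1 terms")
    rows = [list(terms[m:m + k]) + [1] for m in range(k + 1)]  # unknowns: b_0..b_{k-1}, d
    rhs = [terms[m + k] for m in range(k + 1)]
    sol = solve_linear(rows, rhs)
    if sol is None:
        return None
    return sol[:k], sol[k]


if __name__ == "__main__":
    fib = generate([1, 1], [0, 1], 0, 12)
    print(fib)                                   # 0, 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89
    print(recover(fib, 2))                       # ([1, 1], 0): the Fibonacci relation
    print(recover(generate([3], [1], 2, 5), 1))  # ([3], 2): a_{n+1} = 3 a_n + 2
    print(recover([1, 1, 1, 1, 1], 2))           # None: a constant sequence fits many relations
```

Exact rational arithmetic matters here: with floating point a recovered coefficient such as 1/2 would come back as an approximation and a singular system might look merely ill-conditioned instead of being detected.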

1.2.1 Fibonacci numbers

Example 1.2.2. Two newborn rabbits, a male and a female, are left on a

desert island on the 1st of January. This couple becomes fertile after two

months and, starting on the 1st of March, they give birth to two more rabbits,

a male and a female, the ﬁrst day of each month. Each couple of newborn

rabbits, analogously, becomes fertile after two months and, starting on the

ﬁrst day of their third month, gives birth to a new couple of rabbits. How

many couples are there on the island after n months?

In order to answer this question, we must construct a mathematical model

for the population increase of rabbits, as described in the example. Denote by

fn the number of couples of rabbits, a male and a female, that are present in

the island during the nth month. It is clear that fn is the sum of two numbers

completely determined by the situation in the preceding months, that is fn is

the sum

(1) of the number fn−1 of the couples of rabbits on the island in the (n − 1)-th month, as no rabbit dies;

(2) of the number of the couples of rabbits born on the first day of the n-th month, which are as many as the couples of rabbits which are fertile on that day, and these in turn are as many as the fn−2 couples of rabbits that were on the island two months before.


As a consequence, we may write for the sequence {fn}n∈N the following recurrence relation:

$$f_n = f_{n-1} + f_{n-2}$$

for each n ≥ 2 with the obvious initial conditions f0 = 0 and f1 = 1.

The sequence {fn} of natural numbers satisfying the following recurrence relation with given initial conditions

$$f_0 = 0, \qquad f_1 = 1, \qquad f_n = f_{n-1} + f_{n-2} \quad \text{for } n > 1, \tag{1.5}$$

is called Fibonacci sequence, and the terms of the sequence are called Fibonacci

numbers. Each term of the sequence is the sum of the two preceding terms and

knowing this sequence it is possible to give an answer to the problem described

in Example 1.2.2. The ﬁrst terms of the sequence are easy to compute:

0, 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233, . . .

Fibonacci numbers are not only related to population increase, but are often found in the description of several natural phenomena. For instance,

sunﬂowers’ heads display ﬂorets in spirals which are generally arranged with

34 spirals in one direction and 55 in the other. If the sunﬂower is smaller, it

has 21 spirals in one direction and 34 in the other, or 13 and 21. If it is very

large, it has 89 and 144 spirals! In each case these numbers are, not by chance,

Fibonacci numbers.

Fibonacci numbers were introduced by Leonardo Fibonacci, or Leonardo

Pisano, in 1202, with the goal of describing the increase of a rabbit population. These numbers have many interesting mathematical properties, so much

that along the centuries they have been, and still are, studied by many mathematicians. For instance, at the end of the 19th century Edouard Lucas used

some properties of Fibonacci numbers to show that the 39-digit number

$$170141183460469231731687303715884105727 = 2^{127} - 1$$

is a prime number (see Chapter 4).

Let us remark that writing relation (1.5) is not an altogether satisfying

way of answering the question posed in Example 1.2.2. We would like, in fact,

to have a solution of the recurrence relation (1.5), that is a closed formula

giving the n-th term of Fibonacci sequence, without having to compute all

the preceding terms. In order to do so, we shall use matrix operations and

some principles of linear algebra.

Consider the matrix on R

$$A = \begin{pmatrix} 0 & 1 \\ 1 & 1 \end{pmatrix}.$$

We may rewrite conditions (1.5) in the following way:

$$A \begin{pmatrix} f_{n-2} \\ f_{n-1} \end{pmatrix} = \begin{pmatrix} f_{n-1} \\ f_n \end{pmatrix} \quad \text{for all } n \ge 2, \tag{1.6}$$


that is, setting $X_n = \begin{pmatrix} f_{n-1} \\ f_n \end{pmatrix}$, consider the linear system

$$A X_{n-1} = X_n, \quad \text{for all } n \ge 2,$$

and so

$$A^n X_0 = X_n,$$

where $X_0 = \begin{pmatrix} f_{-1} \\ f_0 \end{pmatrix} = \begin{pmatrix} 1 \\ 0 \end{pmatrix}$, the sequence being extended one step backwards by $f_{-1} = f_1 - f_0 = 1$ so that (1.6) holds for n = 1 as well. Thus, if we know $A^n$, to find the closed formula expressing $f_n$ as a function of the initial conditions it suffices to multiply the second row of $A^n$ by $X_0$.

In this case it is easy to prove by induction, using formula (1.5), that (see

Exercise A1.28):

Proposition 1.2.3. For each integer number n ≥ 1 we have

$$A^n = \begin{pmatrix} f_{n-1} & f_n \\ f_n & f_{n+1} \end{pmatrix},$$

where {fn} is the Fibonacci sequence.

Unfortunately, in the general case it is not easy to compute the powers of

a matrix: in Chapter 2 we shall fully appreciate this problem, when we study

the computational complexity of some operations. In some cases, however, as

in the present one, the computation is not diﬃcult, as we are going to show.

If we have a diagonal matrix D, that is one of the form

$$D = \begin{pmatrix} a & 0 \\ 0 & b \end{pmatrix},$$

then computing $D^n$ is trivial, because we have

$$D^n = \begin{pmatrix} a^n & 0 \\ 0 & b^n \end{pmatrix}.$$

Let us recall that a matrix B on a ﬁeld K is said to be diagonalisable

if there exists a matrix C whose determinant is not equal to zero such that

B = C · D · C −1 , where D is a diagonal matrix. For diagonalisable matrices

computing powers is also simple. In fact, if B is as above, we trivially have

B n = C · Dn · C −1 . As Dn is easy to compute, it suﬃces to know D and C

in order to know the powers of B. Now, there is an easy criterion to ascertain

whether a matrix is diagonalisable: an m × m matrix B is diagonalisable if its

characteristic polynomial PB (t) has m distinct roots in K (see the deﬁnitions

recalled in § 1.3.6). Let us recall that $P_B(t)$ is the polynomial of degree m on K defined as the determinant $|B - tI_m|$, where $I_m$ is the identity matrix, that is

the square m×m matrix with entries equal to 1 on the main diagonal and zero

elsewhere. The roots of the characteristic polynomial PB (t) that are elements

of K are called the eigenvalues of B. If B = C · D · C −1 with diagonal D, the

elements on the main diagonal of D are the eigenvalues of B.


For the real matrix A in (1.6) we have that

$$P_A(t) = \det \begin{pmatrix} -t & 1 \\ 1 & 1-t \end{pmatrix} = t^2 - t - 1$$

is a polynomial having two distinct real roots given by

$$\lambda_1 = \frac{1+\sqrt{5}}{2}, \qquad \lambda_2 = \frac{1-\sqrt{5}}{2}. \tag{1.7}$$

Thus A is diagonalisable and as a consequence we have an expression of the form $A = C \cdot D \cdot C^{-1}$, with

$$D = \begin{pmatrix} (1+\sqrt{5})/2 & 0 \\ 0 & (1-\sqrt{5})/2 \end{pmatrix}. \tag{1.8}$$

The matrix C is easy to write down: its columns are the eigenvectors $(1, \lambda_1)^T$ and $(1, \lambda_2)^T$ of A. The reader may verify (see Exercises B1.12 and B1.13) that

$$C = \begin{pmatrix} 1 & 1 \\ (1+\sqrt{5})/2 & (1-\sqrt{5})/2 \end{pmatrix}, \qquad C^{-1} = \frac{1}{\sqrt{5}} \begin{pmatrix} -(1-\sqrt{5})/2 & 1 \\ (1+\sqrt{5})/2 & -1 \end{pmatrix}. \tag{1.9}$$

In conclusion, by Proposition 1.2.3, we have the relation

$$\begin{pmatrix} f_{n-1} & f_n \\ f_n & f_{n+1} \end{pmatrix} = C \cdot \begin{pmatrix} \left((1+\sqrt{5})/2\right)^n & 0 \\ 0 & \left((1-\sqrt{5})/2\right)^n \end{pmatrix} \cdot C^{-1}.$$

Hence, by multiplying the matrices in the right-hand side, we get the following closed formula for the n-th Fibonacci number:

$$f_n = \frac{1}{\sqrt{5}} \left[ \left( \frac{1+\sqrt{5}}{2} \right)^n - \left( \frac{1-\sqrt{5}}{2} \right)^n \right]. \tag{1.10}$$

We give the following proposition, which generalises what we have proved in the case of the recurrence relation (1.5).

Proposition 1.2.4. Given a positive integer k, consider the homogeneous linear recurrence relation defined on a field K

$$a_{n+k} = b_{k-1} a_{n+k-1} + b_{k-2} a_{n+k-2} + \cdots + b_0 a_n, \quad \text{for } n \ge 0, \tag{1.11}$$

where b0, b1, . . ., bk−1 are the coefficients and a0, a1, . . ., ak−1 the initial values. Consider the square k × k matrix defined by

$$A = \begin{pmatrix}
0 & 1 & 0 & 0 & \cdots & 0 \\
0 & 0 & 1 & 0 & \cdots & 0 \\
0 & 0 & 0 & 1 & \cdots & 0 \\
\vdots & \vdots & \vdots & \vdots & \ddots & \vdots \\
0 & 0 & 0 & 0 & \cdots & 1 \\
b_0 & b_1 & b_2 & b_3 & \cdots & b_{k-1}
\end{pmatrix}$$
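Added example (my own Python code, not from the book; the function names are assumptions). It puts the matrix viewpoint of this section to work: `companion` builds the k × k matrix of Proposition 1.2.4 from [b0, . . ., bk−1], which for k = 2 and coefficients [1, 1] is exactly the matrix A of (1.6), and `mat_pow` raises it to the n-th power by repeated squaring, so a term costs about 2 log2 n exact matrix products instead of n additions, the kind of cost comparison Chapter 2 takes up. Since the matrix sends (a_m, . . ., a_{m+k−1}) to (a_{m+1}, . . ., a_{m+k}), the first row of A^n applied to the initial values gives a_n; for the Fibonacci sequence `mat_pow` reproduces Proposition 1.2.3 term by term. `fibonacci_closed` evaluates (1.10) in double precision to show the practical caveat: the closed formula is exact in R, but rounded floating-point arithmetic stops agreeing with the integer value once f_n needs more than the 53 mantissa bits of a double, so large terms should be computed with exact integer arithmetic as the matrix method does.

```python
def mat_mul(X, Y):
    """Product of two square matrices of Python ints (exact, arbitrary precision)."""
    n = len(X)
    return [[sum(X[i][t] * Y[t][j] for t in range(n)) for j in range(n)]
            for i in range(n)]


def mat_pow(M, e):
    """M^e by repeated squaring: about 2*log2(e) products instead of e - 1."""
    n = len(M)
    result = [[int(i == j) for j in range(n)] for i in range(n)]  # identity matrix
    base = M
    while e > 0:
        if e & 1:
            result = mat_mul(result, base)
        base = mat_mul(base, base)
        e >>= 1
    return result


def companion(coeffs):
    """The k x k matrix of Proposition 1.2.4 for coefficients [b_0, ..., b_{k-1}]:
    ones on the superdiagonal, the coefficients in the last row, zeros elsewhere."""
    k = len(coeffs)
    A = [[0] * k for _ in range(k)]
    for i in range(k - 1):
        A[i][i + 1] = 1
    A[k - 1] = list(coeffs)
    return A


def recurrence_term(coeffs, initial, n):
    """a_n for the homogeneous relation (1.11) with initial values a_0..a_{k-1}.
    A maps (a_m, ..., a_{m+k-1}) to (a_{m+1}, ..., a_{m+k}), so the first row of A^n
    applied to the vector of initial values is a_n."""
    k = len(coeffs)
    if n < k:
        return initial[n]
    An = mat_pow(companion(coeffs), n)
    return sum(An[0][j] * initial[j] for j in range(k))


def fibonacci(n):
    """f_n via the matrix A of (1.6); A^n is the matrix of Proposition 1.2.3."""
    return recurrence_term([1, 1], [0, 1], n)


def fibonacci_closed(n):
    """Formula (1.10) evaluated in double precision and rounded to the nearest integer.
    Exact while f_n is small; wrong once f_n needs more than the 53 mantissa bits."""
    s5 = 5 ** 0.5
    return round((((1 + s5) / 2) ** n - ((1 - s5) / 2) ** n) / s5)


if __name__ == "__main__":
    print([fibonacci(i) for i in range(14)])        # 0, 1, 1, 2, 3, 5, 8, 13, ...
    print(mat_pow(companion([1, 1]), 10))           # [[f_9, f_10], [f_10, f_11]]
    print(fibonacci(100), fibonacci_closed(100))    # exact value vs. floating-point drift
```

The same `recurrence_term` serves any relation of the form (1.11); for instance `recurrence_term([2, 1], [1, 1], n)` follows a_{n+2} = a_{n+1} + 2 a_n from a0 = a1 = 1.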
